[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Tcp Reset from the firewall
the FTP known port problem has already been corrected for. In additional testing that has been done, the problem only occurs when the files are being pulled from the FTP server and not when files are being pushed. Is there a way to increase the amount of time that the firewall waits for the ACK to the syn ack before it terminates the connection ? Naps Robert MacDonald wrote: > > Most likely your system is running into a port that is > already in use/allocated. With that many files, the > port setup for the data channel will invariably run > into an 'existing' port. > > See the following for assistance. > > http://www.phoneboy.com/fw1/faq/0106.html > > Robert > > - - > Robert P. MacDonald, Network Engineer > Team Lead, e-Business Infrastructure > G o r d o n F o o d S e r v i c e > Voice:email: [email protected] > > >>> naps <[email protected]> 12/1/00 1:49:04 PM >>> > > > >i'm running fw 4.0 sp 5 on NT 4.0 sp 5 > > > >I'm having a problem where when two devices are seting up a connection > >i'll see device 1 send a syn seq, device two will syn ack, but device > >one fails to ack back ( the packet isn't being sent or is being lost). > >Device one then resends its syn seq and device one will resend the syn > >ack. But before device one can ack, the firewall sends a reset to device > >two. The reset causes device two to close the connection. > > > >I'm seeing this problem as a result of sniffing out a failed ftp > >connection. The client is trying to pull 1800 small files from an ftp > >server and when the reset happens the control connection is properly > >closed even though all of the files have not been retrieved. > > > >As I continue to look at this problem I'm relating it to possible > >failures that happen once an awhile on other services accross diferent > >firewalls in our enviroment. > > > >Any help or insite would be nice. > > > >Naps > >Kung-Fu is very ineffective against machine gun fire. > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|